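<?php
// Form handler for the user administration screen. Each submit button
// (Agregar, quick_add, Actualizar, Eliminar, Nuevo) selects one branch below.
//
// The full opening tag is used on purpose: with short_open_tag disabled a
// bare "<?" is not parsed, and the server would send this file (queries
// included) to the browser as plain text.
session_start();

// conn.php is mandatory here, so require it: a missing file must stop the
// request rather than continue with a warning.
// get_conn(), check_session() and the helpers used further down are
// presumably defined in conn.php or files it loads; confirm.
require ('conn.php');

$db = get_conn();

// NOTE(review): every branch below creates, changes or deletes accounts, and
// this call is the only access control visible in this file. Confirm that
// check_session() halts the request (not just redirects) for unauthenticated
// or unprivileged callers, and that an anti-CSRF token is verified somewhere;
// none is checked here.
check_session();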
		  
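// Create a user from the full admin form ("Agregar" submit button).
//
// All values come straight from the request body. htmlspecialchars() is an
// HTML encoder, not an SQL escaper: it leaves backslashes untouched, and the
// numeric columns were concatenated with no quoting at all. Text values are
// therefore also passed through mysql_real_escape_string() and numeric
// columns are cast to int. The HTML encoding is kept so stored data looks the
// same to pages that print it. Long term this belongs in prepared statements
// (mysqli or PDO); ext/mysql has none.
// isset() avoids an undefined-index notice when another button was pressed.
if (isset($_POST['Agregar']) && $_POST['Agregar'] != "") {

	// Column name => how the posted value is rendered into the statement.
	$columns = array(
		'name'        => 'text',
		'lastname'    => 'text',
		'lastname2'   => 'text',
		'id_location' => 'int',
		'id_number'   => 'text',
		'email'       => 'text',
		'email2'      => 'text',
		'comments'    => 'text',
		// NOTE(review): the password is stored as submitted (HTML-encoded, not
		// hashed). Moving to password_hash()/password_verify() needs a matching
		// change in the login code, which is not visible here.
		'passwd'      => 'text',
		// NOTE(review): last_login and last_ip are audit data but are taken
		// from the request, so the client chooses them; consider setting them
		// server-side.
		'last_login'  => 'text',
		'last_ip'     => 'text',
		'phone1'      => 'text',
		'phone2'      => 'text',
		'phone3'      => 'text',
		'ext'         => 'text',
		'workplace'   => 'text',
		'debug'       => 'int',
		'ocupation'   => 'text',
		'moving_date' => 'text',
		'ustatus'     => 'text',
	);

	$values = array();
	foreach ($columns as $column => $kind) {
		// Missing fields and array-valued fields (name[]=...) become ''.
		$raw = (isset($_POST[$column]) && is_string($_POST[$column])) ? $_POST[$column] : '';
		if ($kind == 'int') {
			// Non-numeric input becomes 0 instead of reaching the statement.
			$values[] = (int) $raw;
		} else {
			// Escaping relies on the connection opened by get_conn() and on
			// its character set being configured there; confirm.
			$values[] = '"' . mysql_real_escape_string(htmlspecialchars($raw)) . '"';
		}
	}

	$sql = "INSERT INTO users (" . implode(',', array_keys($columns)) . ") VALUES (" . implode(',', $values) . ")";

	$result = mysql_query($sql);

	if ($result) {
		$current = mysql_insert_id();
		// id_rol and id_option are handed over unvalidated; add_roles() and
		// save_options() must do their own escaping (not visible here).
		add_roles(isset($_POST['id_rol']) ? $_POST['id_rol'] : null, $current);
		save_options(isset($_POST['id_option']) ? $_POST['id_option'] : null, $current);
		do_redirect('../users.php');

	} else {

		// NOTE(review): $sql contains the submitted password; confirm that
		// error_handling() neither shows it to the user nor writes it to a
		// log that is readable more widely than the users table.
		error_handling('users.insert  - '.$sql, mysql_error());

	}

}//Agregar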



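// Create a user from the modal "quick add" form, give it role 2, tell the
// parent window about the new id, then send the welcome e-mail.
//
// Two fixes compared with the previous version:
//  - a stray "7" after the phone1 value made the INSERT malformed, so this
//    branch could never succeed;
//  - text values are now passed through mysql_real_escape_string() as well as
//    htmlspecialchars(), which encodes for HTML and does not escape for SQL
//    (it leaves backslashes untouched).
// isset() avoids an undefined-index notice when another button was pressed.
if (isset($_POST['quick_add']) && $_POST['quick_add'] != "") {

	$values = array();
	foreach (array('email', 'name', 'passwd', 'phone1') as $column) {
		// Missing fields and array-valued fields become ''.
		$raw = (isset($_POST[$column]) && is_string($_POST[$column])) ? $_POST[$column] : '';
		// Escaping relies on the connection opened by get_conn(); confirm its
		// character set is configured there.
		$values[] = '"' . mysql_real_escape_string(htmlspecialchars($raw)) . '"';
	}

	// NOTE(review): passwd is stored as submitted (HTML-encoded, not hashed).
	// Switching to password_hash() needs a matching change in the login code.
	// New quick-add users always get ustatus 'A'.
	$sql = "INSERT INTO users (email,name,passwd,phone1,ustatus) VALUES (" . implode(',', $values) . ",'A')";
	$result = mysql_query($sql);

	if ($result) {
		// Cast so that only an integer can ever be written into the script
		// block below.
		$current = (int) mysql_insert_id();
		add_roles(2, $current);


		echo "
				<html>
				<head> 
				<script src='tools/modal/jquery-1.4.2.js'     type='text/javascript'></script>
				<script type='text/javascript'>
				function callback(){
					parent.refresh_Owner(".$current.");
					parent.$.modal().close();
				}
				</script>
				</head>
				<body onLoad='callback();'></body>
				</html>	
		
		";

		send_welcome_email($current);


	} else {

		// NOTE(review): $sql contains the submitted password; confirm that
		// error_handling() does not display or widely log it.
		error_handling('users.insert  - '.$sql, mysql_error());

	}

}//quick_add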



		  
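// Update an existing user from the admin form ("Actualizar" submit button).
//
// id_user and id_location were concatenated into the statement unquoted, so
// anything posted in them became part of the SQL, including the WHERE clause
// that selects which rows are rewritten. Both are now cast to int. Text
// values keep their HTML encoding and are additionally passed through
// mysql_real_escape_string(), because htmlspecialchars() leaves backslashes
// untouched and is not an SQL escaper.
// isset() avoids an undefined-index notice when another button was pressed.
if (isset($_POST['Actualizar']) && $_POST['Actualizar'] != "") {

	// Non-numeric or missing ids become 0.
	$id_user = (isset($_POST['id_user']) && is_string($_POST['id_user'])) ? (int) $_POST['id_user'] : 0;

	// Column name => how the posted value is rendered into the statement.
	$columns = array(
		'name'        => 'text',
		'lastname'    => 'text',
		'lastname2'   => 'text',
		'id_location' => 'int',
		'id_number'   => 'text',
		'email'       => 'text',
		'email2'      => 'text',
		'comments'    => 'text',
		// NOTE(review): passwd is overwritten on every update with whatever
		// was posted, so an empty field stores an empty password, and the
		// value is kept as submitted rather than hashed. Changing either
		// needs a matching change in the form and login code (not visible).
		'passwd'      => 'text',
		'phone1'      => 'text',
		'phone2'      => 'text',
		'phone3'      => 'text',
		'ext'         => 'text',
		'workplace'   => 'text',
		'ocupation'   => 'text',
		'moving_date' => 'text',
		'ustatus'     => 'text',
	);

	$assignments = array();
	foreach ($columns as $column => $kind) {
		// Missing fields and array-valued fields become ''.
		$raw = (isset($_POST[$column]) && is_string($_POST[$column])) ? $_POST[$column] : '';
		if ($kind == 'int') {
			$assignments[] = $column . '=' . (int) $raw;
		} else {
			// Escaping relies on the connection opened by get_conn(); confirm
			// its character set is configured there.
			$assignments[] = $column . '="' . mysql_real_escape_string(htmlspecialchars($raw)) . '"';
		}
	}

	// NOTE(review): nothing in this file checks that the caller may edit this
	// particular id_user; confirm check_session() restricts this handler to
	// administrators.
	$sql = "update users set " . implode(',', $assignments) . " where id_user=" . $id_user;

	$result = mysql_query($sql);

	if ($result) {

		// The validated integer id is passed on, not the raw request value.
		// id_rol and id_option are still unvalidated; add_roles() and
		// save_options() must escape them (not visible here).
		add_roles(isset($_POST['id_rol']) ? $_POST['id_rol'] : null, $id_user);
		save_options(isset($_POST['id_option']) ? $_POST['id_option'] : null, $id_user);

		do_redirect('../users.php');
	} else {

		// NOTE(review): $sql contains the submitted password; confirm that
		// error_handling() does not display or widely log it.
		error_handling('users.update - '.$sql, mysql_error());

	}

}//update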
		  
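// Delete a user and its dependent rows ("Eliminar" submit button).
//
// id_user was concatenated unquoted into four DELETE statements, so a posted
// value could widen the WHERE clause beyond one user. It is now cast to int
// once and that integer is used everywhere.
// isset() avoids an undefined-index notice when another button was pressed.
if (isset($_POST['Eliminar']) && $_POST['Eliminar'] != "") {

	// Non-numeric or missing ids become 0.
	$id_user = (isset($_POST['id_user']) && is_string($_POST['id_user'])) ? (int) $_POST['id_user'] : 0;

	// Dependent tables, in the original order, mapped to the label reported
	// on failure. The labels are unchanged from the previous version.
	$dependent = array(
		'user_rol'              => 'users.delete',
		'users_access'          => 'users_access.delete',
		'users_options_granted' => 'users_options.delete',
	);

	// NOTE(review): these statements are not wrapped in a transaction, and a
	// failed dependent delete is reported but does not stop the next one
	// unless error_handling() ends the request; a failure part-way can leave
	// a partially deleted user.
	foreach ($dependent as $table => $label) {
		$sql = "delete from " . $table . " where id_user=" . $id_user;
		$result = mysql_query($sql);
		if (!$result) {
			error_handling($label . ' - ' . $sql, mysql_error());
		}
	}

	// NOTE(review): nothing in this file checks that the caller may delete
	// this particular user; confirm check_session() restricts this handler.
	$sql = "delete from users where id_user=" . $id_user;
	$result = mysql_query($sql);
	if ($result) {
		do_redirect('../users.php');
	} else {
		error_handling('users.delete - '.$sql, mysql_error());
	}

}//delete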
		  
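// "Nuevo" only returns to the user list; nothing is written.
// isset() avoids an undefined-index notice when another button was pressed.
if (isset($_POST['Nuevo']) && $_POST['Nuevo'] != "") {
	do_redirect('../users.php');
}//nuevo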



?>